Wednesday, 26 August 2009 17:15

Prometheus Global is proud to announce the release of Atomic Secured Linux 2.2, the latest version of our cutting-edge Unified Security solution for servers.

ASL 2.2 is another major update to the ASL product line. 2.2 includes the following exciting new features:

  • Stand Alone GUI with dedicated web management daemon
  • Graphical Server Monitor
  • Loads of GUI improvements
  • New searching features in alerts GUI
  • Complete re-write in C
  • Lots of new vulnerability checks and auto-fixes
  • FTP anti-malware upload protection
  • SFTP anti-malware upload protection
  • FTP RBLs
  • Full FIPS 140-2 compliance
  • ASL instance locking
  • Excessive whitelist vulnerability checking
  • Vulnerability checks for whitelisting IPs in mod_security
  • Enhanced Cross Site Scripting protection
  • Enhanced firewalling
  • More SSH checks
  • Added support to --report-false positive to use both the full and relative paths.
  • New PHP checks and cloaking capabilities.
  • New asl-stream client replaces modsec-clam perl tool.

and much much more!


Atomic Secured Linux(tm) is an out-of-the-box Unified Security Suite for Linux(tm) systems designed to protect your servers against both known and unknown threats. It is distributed through a subscription yum channel, ensuring that ASL is always kept up to date. Unlike other security solutions, ASL works by combining security at all layers, from the kernel all the way up to the application layer, to provide the most complete protection available for Linux servers, and helps to ensure that your system is compliant with commercial and government security standards. ASL includes the most hardened kernel on the market, automated system hardening techniques, userspace and host Intrusion Prevention Systems (IPS), malware/rootkit detection and elimination, blacklisting technologies and web application firewalling to protect multiuser and web application hosting environments like no other solution. ASL is uniquely effective at addressing emerging threats posed by vulnerabilities in today's complex systems and applications, such as web hosting environments, multiuser systems, CRMs, ERPs, forums, shopping carts, content management systems and custom applications.

ASL is designed to secure the server and its applications by combining different layers of security technologies and application layer firewalls to filter out malicious content before it reaches the application. Our hardened kernel subsystems further enhance the overall security model by enforcing file, network and process level security policies on the system.

The ASL approach also includes our "Just In Time Patching" system, which allows you to address security threats posed by applications that cannot be fixed, whether because of lack of source code, availability of resources, or a number of applications that makes repairing all vulnerabilities economically unfeasible. You can know that your systems are protected, even when you can't patch them.

 

Get your copy today!

Changelog:

  • ASL Web, the standalone web GUI. A dynamic, resizable open interface to manage security policy and event information.
  • Kernel 2.6.29.6, with support for vmware's VMI interface, ext4 and btrfs file systems, and much much more
  • OSSEC upgraded to 2.1
  • ASL Core has been completely re-written in C for faster and more flexible capabilities
  • Added vulnerability checks for simple FTP passwords
  • Added new dynamic purge events for stale blocklist entries
  • Added vulnerability checks for excessive whitelists
  • Whitelisting now handles bitmask based whitelisting across all services
  • Added checks for SSL/TLS usage in qmail
  • Added expose_php checks for Plesk daemons
  • Command line arguments now support multiple entries (--blacklist 1.2.3.4 4.5.6.7 7.8.9.10)
  • Extended firewall module checking in the asl-mod init script
  • Added ability to disable SSH Banner checks (for lemonbit)
  • Added ability to set Apache "graceful" restarts (for enom)
  • PHP checks for safe_mode have been lowered from "high" to "moderate"
  • PHP checks for escapeshellcmd have been dropped to "low"
  • Added configuration checks for the Plesk 9 /etc/xinet.d/ excludes in rkhunter
  • Added vulnerability check for psa-atmail
  • Added vulnerability check for psa-proftpd
  • Added SSL settings detection between Plesk 8.x and 9.x
  • RKHUNTER_SSH_ROOT_LOGIN now defaults to the SSH_ROOTLOGINS variable
  • Added detection for Horde and Squirrelmail during PHP functions check in the configuration phase. This will automatically allow the required PHP functions (popen, etc).
  • Added migration routine for Plesk environments from the old asl-web-gui to the new asl-web
  • Update to KERNELS file to support the new 2.6.29.6 kernels
  • Updated configuration_setup to detect and start mysql if it's not running
  • Update on ossec_database_setup to warn on blank passwords
  • Added routine to kill stale ossec-dbd processes in ossec_check
  • Removed restrictions on the max length of a message field in the Events Display
  • New turtle graphics, now with Lensflare!
  • Optional: An upgraded psa-proftp for Plesk users to 1.3.2a, which includes SFTP, RBL (real-time black lists), and ClamAV support

Bugfixes:
- Bugfix on remove-blacklist
- Bugfix #XXX, fix for vulnerability scanner to show details if there was only 1 entry
- Bugfix #XXX, fix for ossec excessive whitelists check to show correct vuln level based on total # of whitelists
- Bugfix #XXX, correctly install the asl-button for plesk environments
- Bugfix #XXX, on ossec_database_setup
- Bugfix #XXX, on asl-mod (adds more modules)
- Bugfix #XXX, on white/black/geoblock/blocking .js files
- Bugfix #XXX, ssh_check, added missing message for GSSAPICleanup test
- Bugfix #XXX, rkhunter_check, added missing message for SSH protocol 1 test
- Bugfix #XXX, multi-argument/value events
- Bugfix #XXX, in vulnerability stub data for ET_EXEC
- Bugfix #XXX, ssh_check banner test (bareword found issue)
- Bugfix #XXX, Added a condition to detect /var/asl/tmp/VERSION on new installs
- Bugfix #XXX, --whitelist typo on the asl-shun command
- Bugfix #XXX, ssh_check, added more logic around allowed root logins; this will skip the fixed check now and just report it as allowed/vulnerable if it is in fact allowed.
- Bugfix #xxx, mod_security, cleaned up path checking on SecTmpDir
- Bugfix #xxx, php_check, changed execute flag string to be more clear on extensions check
- Bugfix #xxx, php_check, disable_functions check will now create the line if it doesn't exist rather than rewrite it
- Bugfix #XXX, for pending updates check
- Bugfix #XXX, for denyhosts bitmask whitelist
- Bugfix to detect spamassassin before checking its permissions
- Bugfix for ossec_check and web.conf, deprecated dhtml.conf files
- Bugfix for mod_security_check to correctly parse Dir directives
- Bugfix for mod_security_check SecAuditLogStorageDir
- Bugfix, mod_security_check now supports both "on/off" and "yes/no" values
- Bugfix, mod_security_check copies rulegroups over correctly now
- Bugfix, mod_security_check copies over tertiary configs now (spam.conf, sql.txt, etc)
- Bugfix, mod_security_check, when the whitelist is enabled, it is now flagged as a vulnerability
- Bugfix, php_check updated to support yes/no, and on/off conditions
- Bugfix #XXX, corrected condition where ssh vulnerability checks were not being reported for SSH password authentication being enabled.
- Bugfix #XXX, added a wrapper to lint the config file for the CONFIGURED flag


Upgrading to 2.2:

1) Ensure that you allow mysql connections from localhost, and that skip-networking is not set in /etc/my.cnf

2) yum upgrade

3) asl -s -f

4) Log in to the web interface on port 30000 with your web browser over HTTPS:

https://<IP>:30000
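
A pre-upgrade check for step 1, as an added example that is not part of ASL or this announcement: it reports whether an active skip-networking option sits under [mysqld] in a my.cnf file. The function names and the sample file are constructed for illustration, and only the file given is inspected (files pulled in through !include directives are not followed).

```shell
#!/bin/sh
# Added example, not ASL code. Usage on a real host: preflight /etc/my.cnf

# skip_networking_active [FILE] -> exit 0 if an uncommented, enabled
# skip-networking option is present in the [mysqld] section, else exit 1.
# Reads stdin when no FILE is given.
skip_networking_active() {
    awk '
        /^[ \t]*[#;]/ { next }                 # whole-line comments
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect == "[mysqld]" {
            line = tolower($0)
            sub(/[ \t]*#.*$/, "", line)        # trailing comment
            gsub(/[ \t]/, "", line)
            gsub(/_/, "-", line)               # MySQL accepts - and _ in names
            if (line == "skip-networking" ||
                line ~ /^skip-networking=(1|on|true)$/) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$@"
}

# Human-readable wrapper for use before "yum upgrade".
preflight() {
    if skip_networking_active "$@"; then
        echo "FAIL: skip-networking is enabled under [mysqld]; remove it before upgrading"
        return 1
    fi
    echo "OK: skip-networking is not set under [mysqld]"
}

# Constructed sample my.cnf (not from a real host): the commented-out line
# must be ignored, the underscore spelling with a value must be caught.
sample_cnf() {
    cat <<'EOF'
[mysqld]
# skip-networking
bind-address = 127.0.0.1
skip_networking = ON   # left over from an older hardening pass
[mysqld_safe]
log-error = /var/log/mysqld.log
EOF
}

# Demonstration on the constructed sample; prints the FAIL line.
sample_cnf | preflight || true
```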




To Install on a clean system:
1) wget -q -O - http://www.atomicorp.com/installers/asl |sh

2) Log in to the web interface on port 30000 with your web browser over HTTPS:

https://<IP>:30000